India: National e-Governance Division issued guidelines for consent management under Digital Personal Data Protection Act

On 6 June 2025, the National e-Governance Division (NeGD), under the Ministry of Electronics and Information Technology (MeitY), issued the business requirement document (BRD) for consent management under the Digital Personal Data Protection (DPDP) Act, 2023. The BRD outlines the objectives and functional requirements for a Consent Management System (CMS) designed to ensure compliance with the Act, used by Data Fiduciaries and Processors to manage the consent of Data Principals. Elements include managing the full consent lifecycle, empowering Data Principals to control their data preferences, and detailing specific requirements for consent collection, such as purpose-specific, granular, and explicit consent, alongside multi-language support and audit logging. This document provides guidelines for developing the CMS to facilitate secure and compliant processing of personal data.